Add more tests for STS
- ensure that we don't crash if the token file is not readable.
- fixed the oauth2 token fetcher as well.
diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc
index 85c70bc..b58973d 100644
--- a/test/core/security/credentials_test.cc
+++ b/test/core/security/credentials_test.cc
@@ -982,6 +982,41 @@
gpr_free(actor_token_path);
}
+static void test_sts_creds_token_file_not_found(void) {
+ grpc_core::ExecCtx exec_ctx;
+ grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
+ nullptr, nullptr};
+ grpc_sts_credentials_options valid_options = {
+ test_sts_endpoint_url, // sts_endpoint_url
+ "resource", // resource
+ "audience", // audience
+ "scope", // scope
+ "requested_token_type", // requested_token_type
+ "/some/completely/random/path", // subject_token_path
+ test_signed_jwt_token_type, // subject_token_type
+ "", // actor_token_path
+ "" // actor_token_type
+ };
+ grpc_call_credentials* creds =
+ grpc_sts_credentials_create(&valid_options, nullptr);
+
+ /* Check security level. */
+ GPR_ASSERT(creds->min_security_level() == GRPC_PRIVACY_AND_INTEGRITY);
+
+ request_metadata_state* state = make_request_metadata_state(
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ "Error occurred when fetching oauth2 token."),
+ nullptr, 0);
+ grpc_httpcli_set_override(httpcli_get_should_not_be_called,
+ httpcli_post_should_not_be_called);
+ run_request_metadata_test(creds, auth_md_ctx, state);
+ grpc_core::ExecCtx::Get()->Flush();
+
+ /* Cleanup. */
+ creds->Unref();
+ grpc_httpcli_set_override(nullptr, nullptr);
+}
+
static void test_sts_creds_no_actor_token_success(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
@@ -1687,6 +1722,7 @@
test_sts_creds_no_actor_token_success();
test_sts_creds_load_token_failure();
test_sts_creds_http_failure();
+ test_sts_creds_token_file_not_found();
test_jwt_creds_lifetime();
test_jwt_creds_success();
test_jwt_creds_signing_failure();
diff --git a/test/core/security/oauth2_utils.cc b/test/core/security/oauth2_utils.cc
index cab06f9..0885a1a 100644
--- a/test/core/security/oauth2_utils.cc
+++ b/test/core/security/oauth2_utils.cc
@@ -27,6 +27,7 @@
#include <grpc/support/log.h>
#include <grpc/support/sync.h>
+#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/security/credentials/credentials.h"
typedef struct {
@@ -63,17 +64,14 @@
gpr_mu_unlock(request->mu);
}
-static void destroy_after_shutdown(void* pollset, grpc_error* /*error*/) {
- grpc_pollset_destroy(reinterpret_cast<grpc_pollset*>(pollset));
- gpr_free(pollset);
-}
+static void do_nothing(void* /*arg*/, grpc_error* /*error*/) {}
char* grpc_test_fetch_oauth2_token_with_credentials(
grpc_call_credentials* creds) {
oauth2_request request;
- request = {};
+ memset(&request, 0, sizeof(request));
grpc_core::ExecCtx exec_ctx;
- grpc_closure destroy_after_shutdown_closure;
+ grpc_closure do_nothing_closure;
grpc_auth_metadata_context null_ctx = {"", "", nullptr, nullptr};
grpc_pollset* pollset =
@@ -82,8 +80,8 @@
request.pops = grpc_polling_entity_create_from_pollset(pollset);
request.is_done = false;
- GRPC_CLOSURE_INIT(&destroy_after_shutdown_closure, destroy_after_shutdown,
- pollset, grpc_schedule_on_exec_ctx);
+ GRPC_CLOSURE_INIT(&do_nothing_closure, do_nothing, nullptr,
+ grpc_schedule_on_exec_ctx);
GRPC_CLOSURE_INIT(&request.closure, on_oauth2_response, &request,
grpc_schedule_on_exec_ctx);
@@ -110,6 +108,9 @@
gpr_mu_unlock(request.mu);
grpc_pollset_shutdown(grpc_polling_entity_pollset(&request.pops),
- &destroy_after_shutdown_closure);
+ &do_nothing_closure);
+ grpc_core::ExecCtx::Get()->Flush();
+ grpc_pollset_destroy(grpc_polling_entity_pollset(&request.pops));
+ gpr_free(pollset);
return request.token;
}